CVE-2023-27317

ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a 
vulnerability which will cause all SAS-attached FIPS 140-2 drives to 
become unlocked after a system reboot or power cycle or a single 
SAS-attached FIPS 140-2 drive to become unlocked after reinsertion. This
 could lead to disclosure of sensitive information to an attacker with 
physical access to the unlocked drives.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
netappCNA
4.3 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
netappontap
9.12.1:p8
netappontap
9.13.1:p4
netappontap
9.13.1:p5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://security.netapp.com/advisory/NTAP-20231215-0001/
https://security.netapp.com/advisory/NTAP-20231215-0001/
https://security.netapp.com/advisory/ntap-20231215-0001/